openbsd-ports/net/ejabberd/pkg/README
gsoares 5195ab3fab SECURITY update to ejabberd-2.1.9
Fix for CVE-2011-4320
(ejabberd "<publish>" Stanza Parsing Denial of Service Vulnerability)

ok viq(maintainer) sthen@ jasper@
2011-11-22 17:11:07 +00:00

76 lines
2.9 KiB
Plaintext

$OpenBSD: README,v 1.5 2011/11/22 17:11:07 gsoares Exp $
+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
* Migration
When moving database between machines, or upgrading from 1.1.x to
2.x.x version you will need to follow the instructions available at
http://www.ejabberd.im/migrate-host
Node name is by default set to ejabberd@`hostname -s`
* Configuration
* DNS
SRV records for your server can make your life easier. Example
records:
_jabber._tcp.example.org. SRV 5 0 5269 host.example.org.
_xmpp-server._tcp.example.org. SRV 5 0 5269 host.example.org.
_xmpp-client._tcp.example.org. SRV 5 0 5222 host.example.org.
* Configuration file
Set up the hostnames served by the server:
{hosts, ["example.net", "example.com", "example.org"]}.
Add administrative user
{acl, admin, {user, "ermine", "example.org"}}.
If you want to disallow in-band registration of users:
{access, register, [{deny, all}]}.
Users to get notifications about created new accounts:
{registration_watchers, ["admin1@example.org"]},
* Running
Control is done using ${TRUEPREFIX}/sbin/ejabberdctl, run it without
arguments for list of possible commands and flags. It needs to be
executed as either root or _ejabberd user.
To start ejabberd at boot time, you may insert the following
into ${SYSCONFDIR}/rc.local:
if [ -x ${TRUEPREFIX}/sbin/ejabberdctl ]; then
echo -n ' ejabberd'; ${TRUEPREFIX}/sbin/ejabberdctl start
fi
* Administration
ejabberdctl has some commands for administration of the server. After
starting ejabberd run ejabberdctl again for the list of options.
Another possibility, giving you more options, is the web interface,
available at http://your.server:5280/admin/ where you need to log in
as a user added to admin acl group, give your full jid and your
account password
* Using SSL
The sample configuration enables SSL by default. You just need to
generate the keys. Note that you should enter your domain name as the
Common Name for your certificate.
# openssl req -new -nodes -x509 -newkey rsa:4096 -days 365 \
-keyout ${SYSCONFDIR}/ejabberd/myserver.pem -out ${SYSCONFDIR}/ejabberd/myserver.pem
# chown root:_ejabberd ${SYSCONFDIR}/ejabberd/myserver.pem
# chmod 640 ${SYSCONFDIR}/ejabberd/myserver.pem
To disable SSL comment out (prepend with %%) lines containing
'certfile' and the whole block pertaining to port 5223
* Hostname resolving
As Erlang is rather picky when it comes to resolving the hostname of
the Jabber server. It requires the machine's shortname to be
resolveable to the local address. A line such as the following for
/etc/hosts suffices (make sure my_hostname matches the output of
`hostname -s`):
127.0.0.1 my_hostname